Overview
Title: Third-Party Resilience Manager
Reporting into: Rosse O'Neill
Work level: 2C
Location: 100VE
Scope: Global
Business Context
Unilever is a leading global supplier of Food, Home, and Personal Care products with sales in over 190 countries. The Cyber Security organization protects the Confidentiality, Integrity and Availability of information and operations and operates a 24x7 Security Operations Centre (SOC). The GRAC, Tech & Ops, BISO, and Office of the CISO teams form part of the Cyber Security function.
Role Purpose
The Third-Party Cyber Resilience Manager is responsible for ensuring the organization can prepare for, respond to, and recover from cyber incidents that involve a third party with minimal impact to business operations. This role bridges cyber security, business continuity, and risk management, driving strategic and operational initiatives to enhance resilience across our functions. It also supports the BISO in enhancing our cyber resilience posture across third-party relationships.
Role Summary
We are seeking a highly skilled and strategic Global Third-Party Cyber Resilience Manager to lead and enhance our cyber resilience posture across third-party relationships. This role designs, implements, and continuously improves the global third-party cyber resilience framework to ensure suppliers, partners, and service providers meet robust cybersecurity standards and can respond effectively to cyber threats.
Key Responsibilities
* Strategy & Governance
o Develop and maintain the third-party cyber resilience strategy aligned with business objectives and regulatory requirements.
o Establish governance structures, policies, and frameworks for third-party resilience.
o Collaborate with internal stakeholders (e.g., TPRM, Procurement, Legal, Risk, IT) to embed resilience into vendor lifecycle management.
* Risk Assessment & Monitoring
o Conduct resilience risk assessments for critical third-party vendors.
o Define and monitor impact tolerance thresholds for external services.
o Ensure vendors comply with cybersecurity and disaster recovery standards.
* Testing & Validation
o Lead tabletop exercises, failover testing, and exit strategy validations with vendors.
o Evaluate third-party incident response and recovery capabilities.
* Reporting & Communication
o Provide regular updates to senior leadership on third-party resilience posture.
o Maintain dashboards and metrics to track vendor performance and risk exposure.
o Support regulatory reporting and audit readiness.
* Continuous Improvement
o Identify gaps and recommend remediation measures to improve third-party resilience.
o Stay current with industry trends, threats, and regulatory changes.
The position calls for a strategic individual with strong communication and influencing skills. This leader will leverage knowledge and experience to support the global cyber security program and align it with business needs while mitigating evolving threats. The role supports the Global CISO in building relationships with internal leaders and executives on cyber security and cyber risk to enable cyber security as a business driver.
Main Accountabilities
* Third-party Resilience Strategy & Framework
o Develop and maintain a comprehensive third-party cyber resilience framework.
o Align resilience practices with organizational risk appetite, regulatory requirements, and business continuity goals.
* Vendor Risk Assessment & Classification
o Identify and classify third-party vendors based on criticality and potential impact on business operations.
o Conduct resilience risk assessments and ensure appropriate controls are in place.
* Resilience Testing & Assurance
o Design and execute resilience testing programs (e.g., failover, recovery, tabletop exercises) for critical vendors.
o Validate third-party incident response, disaster recovery, and business continuity capabilities.
* Monitoring & Reporting
o Continuously monitor third-party resilience posture and performance against agreed SLAs and KPIs.
o Report findings, risks, and remediation progress to senior stakeholders and governance forums.
* Regulatory Compliance & Audit Readiness
o Ensure third-party resilience practices meet regulatory standards (e.g., DORA, NIS2, ISO 22301).
o Support internal and external audits, including evidence gathering and remediation tracking.
* Stakeholder Engagement & Collaboration
o Work with TPRM, Procurement, Legal, Risk, and IT to embed resilience into vendor lifecycle processes.
o Act as a subject matter expert for third-party resilience across the organization.
* Continuous Improvement & Innovation
o Identify opportunities to enhance third-party resilience through automation, tooling, and process optimization.
o Stay informed of emerging threats, technologies, and best practices in cyber resilience.
Key Skills and Relevant Experience
Skills:
* Excellent written and verbal communication skills and the ability to be understood by both technical and non-technical personnel.
* Proven ability to lead and motivate a senior team.
* Ability to lead through accountability with delegated responsibilities.
* Ability to manage conflicting priorities and multiple tasks.
* Stakeholder management and interpersonal skills at both technical and non-technical levels.
* Outstanding influencing ability.
* Ability to work in a collaborative environment.
* Outstanding critical thinking and problem-solving skills.
* Customer-oriented mindset, whether responding to queries or delivering new services.
* Skills in Programme and Project Management.
Experience:
* Practical experience in Third-Party Risk and Cyber Security.
* Experience leading major programs across a global organization.
* Experience and proven track record in Cyber Security and driving complex change agendas.
* Ability to challenge the status quo with strategic and operational business awareness.
* Experience in a customer-focused environment.
* Knowledge of applications or the technical landscape within the domain and experience delivering Cyber Security projects.
Behaviours
Demonstrate Unilever Standards of Leadership and Values, including:
* Agility – adapt leadership style and plans to changing situations with urgency.
* Talent Catalyst – develop and empower people, foster collaboration.
* Passion for High Performance – energize and focus teams to deliver results quickly.